1. Field of the Invention
The present invention relates generally to cryptographic communication systems, and more specifically, toward the verification of information encrypted within a data recovery field.
2. Related Art
Communication between two parties can be secured through the encryption of data using a symmetric session key. One method of generating a session key uses a Diffie-Hellman key exchange. The session key is determined by a sender based on a private key of the sender and a public key of a receiver. The session key is determined by the receiver using a private key of the receiver and a public key of the sender. Because of the way in which the private key and the public key are determined, the sender and the receiver will each determine the identical session key. Once determined, the session key is used to encrypt the communications between the two parties.
Law enforcement officials are naturally concerned with the widespread use of encryption by criminal entities. Accordingly, law enforcement officials require some form of assurance that they will be able to recover the encrypted communications under the proper circumstances, for example, after obtaining a court order. This form of limited access to the encrypted communications is enabled by the creation and use of a data recovery field ("DRF"), and more particularly a key recovery field ("KRF"). The KRF includes the session key encrypted using the public key of a recovery agent (e.g., a trusted data recovery center ("DRC")) or other information that only the recovery agent can use to determine the session key For a law enforcement official to recover the contents of the KRF, the law enforcement official provides the KRF together with a suitable court order to the DRC. If the court order is valid, the DRC uses the KRF to determine the session key and provides it to the law enforcement official, thereby allowing access to the encrypted session.
From the standpoint of the government, this system will only be effective if the session key or other information included within the KRF is the same session key that was used to encrypt the communications. Thus, what is needed is a system and method for verifying that the session key can be recovered from information included within the KRF without revealing any private information.